Academia warns to guard 'crown jewels' after British Library hack

Academia warns to guard 'crown jewels' after British Library hack

LONDON

While cyber-attacks on banks, utilities and media platforms may grab the most attention, the hacking of the British Library has led to warnings that academia has become an easy target.

The British Library's collection is one of the world's largest, comprising around 170 million items including books, magazines, manuscripts, newspapers, maps, music scores, stamps, digital materials and sound recordings.

Among its most treasured items are the earliest surviving copy of the Old English epic poem "Beowulf" and the first collected edition of William Shakespeare's plays.

The organization said at the end of October that electronic services, including its crucial catalogue, were out of action because of a cyber attack, making it almost impossible to find items.

Its 600,000 doctoral theses, vital for students and researchers, also went offline.

"We're talking about a huge digital library. We're talking about journals that are key to writing papers," Louise Marie Hurel, researcher at the London School of Economics and the Royal United Services Institute think-tank's cybersecurity program, told AFP.

"It's not just about lending or borrowing books... It is a national jewel in terms of the knowledge it bears," added Hurel, who frequently studied at the library when studying for her masters degree.

The catalogue went back online on Jan. 15 but Azeem Aleem, managing director for Northern Europe at cyber technology firm Sygnia, said the situation remained "critical," with the library saying it could take months to fully restore services.

Aleem warned that academia and the public sector were becoming a "gold mine" for hackers, given their relatively lax security protocols.

Hacking group Rhysida claimed responsibility for the ransomware attack, in which files on the host's system are encrypted and can only be unlocked by paying a fee.

Paul Tumelty, U.K. head of Google Cloud's cybersecurity group Mandiant Consulting, told AFP the hackers would probably have gained an "initial foothold" via "phishing or vulnerability exploitation," which could have involved a member of staff opening an email attachment.

While the data accessed may not be as sensitive as in other industries, the reputational stature of the British Library made it a prime target, said Aleem.

The library refused to pay the 20-bitcoin ransom ($850,000) and the group retaliated by releasing around 500,000 files containing personal data of staff, readers and visitors onto the dark web.

Crown jewels

It is possible that the institution was warned against paying the ransom, so as not to empower cyber-criminals, added Aleem. But it now faces recovery costs of at least £6.0 million ($7.6 million), around 40 percent of its financial reserves.

British Library chief executive Roly Keating wrote in a blog that academia's philosophy of openness was being used against it.

"Our deep commitment to openness, access and discovery means that we fully embrace the amazing possibilities that technology enables; while as custodians of our collections we also face an ever-increasing challenge in keeping our digital heritage safe from attack," he said.

Hurel said those "core values" need not be compromised, just better protected.

"This means being more careful about basic practices of back-up, making sure that you invest a little bit more on cybersecurity," she added.

She also urged the government to launch a campaign to raise awareness and to classify the education sector as part of the U.K.'s critical infrastructure.

It is not just about preventing breaches but also about mitigating the effects once it has happened, said Aleem.

He added that Rhysida may have had unfettered access to the British Library network "for one to two weeks, if not more".

"The problem is they [British Library] didn't understand what the crown jewels were and how to protect them. You have to protect the crown jewels."

The recovery process will involve finding and deploying data back-ups, building resilience and the painstaking job of tracing the attackers' digital footprint to understand how it spread through the system.

He urged institutions to step up security by staging simulated hacks and establishing "war rooms" that can respond quickly to attacks.